CVE-2023-4237

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-4237

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-4237.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-4237

Aliases

GHSA-ww3m-ffrm-qvqv

Downstream

DEBIAN-CVE-2023-4237

UBUNTU-CVE-2023-4237

Published

2023-10-04T15:15:12Z

Modified

2025-09-19T14:40:09.155865Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability.

References

Affected packages

Git / github.com/ansible-collections/amazon.aws

Affected ranges

Type: GIT
Repo: https://github.com/ansible-collections/amazon.aws
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

e68f0e1c573a76efc4b2e40e6f4acdc8e8310729

Type: GIT
Repo: https://github.com/ansible-collections/community.aws
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

ee984b2b972275bbc4e6a011ed9046d497689e16

Affected versions

0.*

0.1.2

1.*

1.0.0

1.1.0

1.2.0

1.2.1

1.3.0

1.4.0

1.4.1

1.5.0

2.*

2.0.0